IdentitiesOnly and PKCS

Aaron Jones me at
Wed Dec 1 10:50:47 AEDT 2021

I use private keys in a smartcard (OpenPGP in my case, via
gpg-agent(1)'s SSH socket).

If you pass IdentityFile=/path/to/public-key, it will use it when
IdentitiesOnly=yes. In short, IdentitiesOnly=yes instructs ssh(1) to
*only* use the IdentityFile given to it explicitly. When the private key
is not on disk, you have to give it the *public* key instead to
accomplish this.

If it did in the past automatically fetch keys from an agent without you
having to give one to an IdentityFile, that seems like a bug, and it
being fixed probably explains the "regression" you're seeing.
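
One way to set this up, as an added example that is not part of the original message: export the card-held key's public half from the agent and pin it to a host. The host alias `build-host`, the comment pattern `cardno:` and the file paths are assumptions for illustration.

```sh
#!/bin/sh
# Added example: offer exactly one agent/smartcard-held key to a host.
# Hypothetical names: host alias, comment pattern and paths in the usage
# lines at the bottom are illustrative, not taken from the message.

# Read public keys in `ssh-add -L` format on stdin and print the single
# key whose comment contains $1. Fails when zero or several keys match,
# so an ambiguous choice never ends up in IdentityFile.
pick_agent_key() {
    awk -v pat="$1" '
        NF >= 3 && $1 ~ /^(ssh-|ecdsa-|sk-)/ {
            c = $0
            sub(/^[^ ]+ +[^ ]+ +/, "", c)      # keep only the comment field
            if (index(c, pat)) { hit = $0; n++ }
        }
        END { if (n != 1) exit 1; print hit }'
}

# Print a Host stanza for host $1 that names the *public* key file $2.
# The private half stays on the card; the agent performs the signature.
host_stanza() {
    printf 'Host %s\n    IdentitiesOnly yes\n    IdentityFile %s\n' "$1" "$2"
}

# pin_key <host> <comment-pattern> <pubfile>, agent listing on stdin.
# Writes the selected public key to <pubfile>, prints the stanza.
pin_key() {
    key=$(pick_agent_key "$2") || {
        echo "pin_key: need exactly one agent key matching '$2'" >&2
        return 1
    }
    printf '%s\n' "$key" > "$3"
    host_stanza "$1" "$3"
}

# Usage:
#   ssh-add -L | pin_key build-host cardno: ~/.ssh/card.pub >> ~/.ssh/config
# Check what ssh(1) will actually use for that host:
#   ssh -G build-host | grep -i -e identitiesonly -e identityfile
```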


More information about the openssh-unix-dev mailing list